''Digital Forensics XML'' (DFXML) is the effort to create an XML schema to allow for easy interoperability between different forensic tools.

Currently there is no Digital Forensics XML standard and there is no fixed schema. There is a [[http://www.nsrl.nist.gov/DFXML/fileobject.xsd draft schema]] available [[http://www.nsrl.nist.gov/Downloads.htm from NIST]]. Instead, we are slowly creating a set of tools that can produce or ingest XML with a common set of tags. It would be nice to have a more aggressive effort, but to date there has not been sufficient funding.

Given this state of affairs, our current strategy is to:

* Develop a set of standardized tags and data representations for current XML tools.

* Modify our tools to produce XML similar to the sample XML.

* Develop a DTD and schema to allow XML validation.

==Tools==

===Tools that produce DFXML===

If you want to work with DFXML, you may wish to start with the [https://github.com/simsong/dfxml DFXML package on GitHub].

The following tools are known to produce DFXML:

* The [[fiwalk]] C++ program produces DFXML for files from disk images using SleuthKit.

* [http://mark0.net/soft-tridscan-e.html TrIDScan], which has an XML language to describe file types.

* [https://github.com/simsong/dfxml DFXML toolkit on GitHub]
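The ingesting side of the interoperability goal described above, as an added example that is not code from this wiki or from the DFXML project: it parses fiwalk-style <fileobject> records from a constructed DFXML document, checks that each file's byte_runs account for its filesize, and indexes files by hash. The tag and attribute names (fileobject, filename, filesize, byte_run with img_offset/len, hashdigest with a type attribute) are assumptions modelled on the NIST draft fileobject schema.

```python
# Added example (not the wiki's or the DFXML project's code): ingest DFXML
# <fileobject> records, sanity-check byte_runs and index files by hash.
# Tag and attribute names are assumptions modelled on fiwalk-style output.
import xml.etree.ElementTree as ET

SAMPLE_DFXML = """<dfxml version="1.0">
 <fileobject>
  <filename>docs/report.txt</filename>
  <filesize>1024</filesize>
  <byte_runs><byte_run file_offset="0" img_offset="65536" len="512"/>
             <byte_run file_offset="512" img_offset="131072" len="512"/></byte_runs>
  <hashdigest type="md5">0cc175b9c0f1b6a831c399e269772661</hashdigest>
 </fileobject>
 <fileobject>
  <filename>tmp/copy.txt</filename>
  <filesize>1024</filesize>
  <byte_runs><byte_run file_offset="0" img_offset="262144" len="1000"/></byte_runs>
  <hashdigest type="MD5">0CC175B9C0F1B6A831C399E269772661</hashdigest>
 </fileobject>
</dfxml>"""  # constructed sample, not real tool output

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip a {uri} namespace prefix if declared

def parse_fileobjects(xml_text):
    """One dict per <fileobject>: filename, filesize, hashes by type, byte_runs."""
    records = []
    for fo in (e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == "fileobject"):
        rec = {"filename": None, "filesize": 0, "hashes": {}, "byte_runs": []}
        for el in fo.iter():
            name, text = _local(el.tag), (el.text or "").strip()
            if name == "filename":
                rec["filename"] = text
            elif name == "filesize":
                rec["filesize"] = int(text)
            elif name == "hashdigest":  # normalise case so digests compare equal
                rec["hashes"][el.get("type", "").lower()] = text.lower()
            elif name == "byte_run":
                rec["byte_runs"].append((int(el.get("img_offset")), int(el.get("len"))))
        records.append(rec)
    return records

def runs_consistent(rec):  # byte_run lengths must sum to filesize
    return sum(n for _, n in rec["byte_runs"]) == rec["filesize"]

def index_by_hash(records, algo="md5"):  # digest -> filenames (duplicate detection)
    idx = {}
    for rec in records:
        if algo in rec["hashes"]:
            idx.setdefault(rec["hashes"][algo], []).append(rec["filename"])
    return idx
```

In the sample the second file's single byte_run covers only 1000 of its 1024 bytes, so runs_consistent flags it, while both files share one MD5 and land in the same index entry.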

[[Category:Top-Level]]

Revision as of 23:14, 6 February 2013
